NAME
OCSP_SERVICELOC_new, OCSP_SERVICELOC_free, OCSP_url_svcloc_new — OCSP service locator extension
SYNOPSIS
#include <openssl/ocsp.h>

OCSP_SERVICELOC *
OCSP_SERVICELOC_new(void);

void
OCSP_SERVICELOC_free(OCSP_SERVICELOC *sloc);

X509_EXTENSION *
OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls);
DESCRIPTION
Due to restrictions of network routing, a client may be unable to directly contact the authoritative OCSP server for a certificate that needs to be checked. In that case, the request can be sent via a proxy server. An ASN.1 ServiceLocator structure is included in the singleRequestExtensions field of the Request structure to indicate where to forward the request. The ServiceLocator is represented by an OCSP_SERVICELOC object, which will be stored inside the OCSP_ONEREQ object documented in OCSP_ONEREQ_new(3).

OCSP_SERVICELOC_new() allocates and initializes an empty OCSP_SERVICELOC object.

OCSP_SERVICELOC_free() frees sloc.

OCSP_url_svcloc_new() requires an issuer name and optionally accepts an array of urls. If urls or its first element is NULL, the locator field is omitted from the ServiceLocator structure and only the issuer is included. The resulting ServiceLocator structure is encoded in ASN.1 using X509V3_EXT_i2d(3) with criticality 0.
RETURN VALUES
OCSP_SERVICELOC_new() returns a new OCSP_SERVICELOC object or NULL if an error occurred.

OCSP_url_svcloc_new() returns a new X509_EXTENSION object or NULL if an error occurred.
SEE ALSO
OCSP_REQUEST_new(3), X509_EXTENSION_new(3), X509_get1_ocsp(3), X509_get_issuer_name(3), X509_NAME_new(3)
STANDARDS
RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol, section 4.4.6: Service Locator
HISTORY
OCSP_SERVICELOC_new(), OCSP_SERVICELOC_free(), and OCSP_url_svcloc_new() first appeared in OpenSSL 0.9.7 and have been available since OpenBSD 3.2.